Memory devices with cryptographic components

ABSTRACT

An apparatus, such as a memory system (e.g., a NAND memory system), can have a controller with a first error correction code component and a memory device (e.g., a NAND memory device) coupled to the controller. The memory device can have an array of memory cells, a second error correction code component coupled to the array and configured to correct data from the array, and a cryptographic component coupled to receive the corrected data from the second error correction code component.

TECHNICAL FIELD

The present disclosure relates generally to memory devices, and moreparticularly, to memory devices with cryptographic components.

BACKGROUND

Memory systems may be implemented in electronic systems, such ascomputers, cell phones, hand-held electronic devices, etc. Some memorysystems, such as solid-state drives (SSDs), embedded Multi-MediaController (eMMC) devices, Universal Flash Storage (UFS) devices, andthe like, may include non-volatile storage memories for storing host(e.g., user) data from a host. Non-volatile storage memories providepersistent data by retaining stored data when not powered and mayinclude NAND flash memory, NOR flash memory, read only memory (ROM),Electrically Erasable Programmable ROM (EEPROM), Erasable ProgrammableROM (EPROM), and resistance variable memory, such as phase change randomaccess memory (PCRAM), three-dimensional cross-point memory (e.g., 3DXPoint), resistive random access memory (RRAM), ferroelectric randomaccess memory (FeRAM), magnetoresistive random access memory (MRAM), andprogrammable conductive memory, among other types of memory.

In some examples, memory devices can store secure information and can besusceptible to malicious attacks aimed at obtaining and/or altering thesecure information. Such attacks can include replay attacks, forexample, which can involve the malicious or fraudulent repeat or delayof secure information and can involve intercepting and retransmittingthe secure information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified block diagram of an apparatus in accordance witha number of embodiments of the present disclosure.

FIG. 2A illustrates a data structure in accordance with a number ofembodiments of the present disclosure.

FIG. 2B illustrates a data structure with ECC data calculated by amemory device in accordance with a number of embodiments of the presentdisclosure.

FIG. 3A is a block diagram of an apparatus (e.g., in the form of amemory system) in accordance with a number of embodiments of the presentdisclosure.

FIG. 3B illustrates a secure memory partition in accordance with anumber of embodiments of the present disclosure.

FIG. 4 illustrates a secure command in accordance with a number ofembodiments of the present disclosure.

FIG. 5 is a schematic diagram of a portion of a memory array inaccordance with a number of embodiments of the disclosure.

DETAILED DESCRIPTION

An example apparatus, such as a memory system (e.g., a NAND memorysystem), can have a controller with a first error correction codecomponent and a memory device (e.g., a NAND memory device) coupled tothe controller. The memory device can have an array of memory cells, asecond error correction code component coupled to the array andconfigured to correct data from the array, and a cryptographic componentcoupled to receive the corrected data from the second error correctioncode component.

Having the cryptographic component on the memory device allows thememory device, via the cryptographic component, to perform cryptographicoperations on data stored in the memory array (e.g., to determinewhether data stored in the memory array is secure) without sending thedata to a controller that is external to the memory device, as iscommonly done in previous approaches.

For example, in some previous approaches, the cryptographic componentcan be in the external controller, and data may be sent from the memorydevice to the external controller to determine whether the data issecure. However, sending the data to the external controller can be aninsecure process, and the security of the data that is sent to theexternal controller can be compromised. Sending the data to the externalcontroller can also be time consuming. Moreover, security provided viaan external controller can be costly since it may involve paying fees tothird parties providing the security functions. As such, having thecryptographic component on the memory device can improve security andcan reduce the time and cost involved in performing cryptographicoperations as compared to having the cryptographic component in anexternal controller.

Some memory devices, such as NAND memory devices, can have relativelyhigh bit error rates (BERs) when user data is read from the memoryarray. As a result, problems can occur when performing cryptographicoperations on user data with such high BERs. Error correction schemesmay be employed to correct data read from a memory array. However, inprevious approaches, the data error correction operations may beperformed by the external controller on user data that is sent from thememory device to the external controller. This means that, in someexamples, the data might be sent to the external controller forcorrection and the corrected data sent back to the memory device forcryptographic operations. However, sending the data back and forthbetween the memory device and the external controller can be an insecureand a time-consuming process. The disclosed embodiments solve theseproblems by locating an error correction component on the memory deviceand using that error correction component to correct data from the arrayfor use by the cryptographic component of the memory device.

FIG. 1 is a simplified block diagram of an apparatus in the form of acomputing system 100 in accordance with a number of embodiments of thepresent disclosure. Computing system 100 includes an apparatus in theform of memory system 102 that can be, for example, a storage systemsuch as an SSD, a UFS device, an eMMC device, etc. In some examples,memory system 102 can be a NAND memory system. However, the disclosedembodiments are not limited to a particular type of memory system. Forexample, memory system 102 could serve as main memory for system 100.

As shown in FIG. 1, memory system 102 can include a controller 104 thatmay be referred to as a memory system controller (e.g., a NANDcontroller), in that controller 104 can control a memory device 106(e.g., a NAND memory device) coupled to controller 104. Controller 104can be external to memory device 106, and therefore, can be referred toas an external controller, such as an external host controller. In someexamples, controller 104 and memory device 106 can be integrated on asingle chip.

Controller 104 has an error correction component 108 (e.g., an externalerror correction component). Memory device 106 has a memory array (e.g.a NAND memory array) 109 coupled to an error correction component 110(e.g., an internal error correction component) that can correct datafrom array 109. For example, array 109 can be coupled to a buffer 111(e.g., a data buffer) that can be a page buffer. Buffer 111 can becoupled to a data path 112 that can be coupled to error correctioncomponent 110. A cryptographic component 114 can be coupled to receivethe corrected data from error correction component 110. As discussedfurther herein, cryptographic component 114 can perform cryptographicoperations on the corrected data, such as to determine whether the datais secure. In some examples, the cryptographic operations can includecalculating cryptographic codes, such as cryptographic hashes, messageauthentication codes (MACs), hash MACS (HMACS), among others.

Array 109 can be laid out logically into logical partitions 116-1 to116-N and a secure logical partition 117. For example, the logicalpartitions can include a number of physical blocks of memory cells eachconfigured to be erased together as a group. Secure partition 117 can beaccessed by secure commands issued by a host 120 that is coupled tocontroller 104. Logical partitions 116-1 to 116-N can be non-securepartitions that can be accessed by non-secure commands from host 120.

In some examples, the memory cells corresponding to the logicalpartitions 116-1 to 116-N can be programmed to store a single bit percell or multiple bits per cell, such as two bits per cell, three bitsper cell, four bits per cell, and so on. However, in a number ofembodiments, the memory cells corresponding to secure logical partition117 may be programmed to store only a single bit per cell in order toensure a relatively low BER as compared to multibit cells. Memory cellsconfigured to store a single bit per cell can be referred to assingle-level cells (SLCs), and memory cells configured to store multiplebits per cell can be referred to as multilevel cells (MLCs).

A memory cell can be programmed to one of 2′ data states, with m beingthe number of bits per cell. Each data state can correspond to adifferent threshold voltage Vt distribution, and the memory cell can beprogrammed to a Vt that can correspond to one of the Vt distributions.For example, for two bits per cell, a memory cell can be programmed to aVt corresponding to one of four data states 11, 10, 01, and 00, and forone bit per cell, a memory cell can be programmed to a Vt correspondingto one of two data states 0 and 1.

Secure commands can refer to commands received from host 120, viacontroller 104, that require authentication, for example. Securecommands may refer to commands directed to addresses corresponding tothe secure partition 117 as opposed commands directed to addressescorresponding to non-secure partitions 116. As discussed further herein,a secure command can include an operation code, a cryptographicsignature, and a freshness indicator. In contrast, non-secure commandsmight not require authentication, and thus might not include a signatureor a freshness indicator.

Memory device 106 can be coupled to controller 104 via an interface 121(e.g., memory interface). For example, interface 121 can couplecontroller 104 to an input/output (I/O) 122 of memory device 106. I/O122 can, in turn, be coupled to data path 112. In some examples,interface 121 can include a data bus that can support various standardsand/or comply with various interface types, such as double data rate(DDR), Open NAND Flash Interface (ONFI), Serial Peripheral Interface(SPI), etc.

Controller 104 can receive secure and non-secure commands, such assecure and non-secure read and write commands from host 120. Controller104 can, for example, receive user data to be written to memory array109 from a host 120 (e.g., via a host interface 123). For example,controller 104 can map secure data to secure logical partition 117 andnon-secure data to logical partitions 116-1 to 116-N.

Host 120 can be, for example, a host system, such as a personal laptopcomputer, a desktop computer, a digital camera, a mobile device (e.g.,cellular phone), network server, Internet of Things (IoT) enableddevice, or a memory card reader, among various other types of hosts. Forinstance, host 120 can include one or more processors capable ofaccessing memory system 102 (e.g., via controller 104) over interface123 that can include a bus. Interface 123 may be a standardizedinterface, such as a serial advanced technology attachment (SATA),peripheral component interconnect express (PCIe), or a universal serialbus (USB), among various others.

FIG. 2A illustrates a data structure 225 (e.g., a managed unit) inaccordance with a number of embodiments of the present disclosure.Controller 104 can send data structure 225 to memory device 106 during awrite (programming) operation that writes data structure 225 to array109. In some examples, data structure 225 can be referred to as acodeword. Data structure 225 can correspond to a page of data in a blockof memory cells, for example.

Data structure 225 can include segments 227-1 to 227-4 of data that canbe respectively Frame 1 to Frame 4. However, the disclosure is not solimited, and there can be any number of segments in data structure 225.In some examples, the respective segments 227-1 to 227-4 can be referredto as respective sub-codewords.

The segments 227-1 to 227-4 can respectively include user data fields228-1 to 228-4, spare data fields 229-1 to 229-4 that can respectivelystore spare data SPARE1 to SPARE4, and error correction code (ECC)fields 230-1 to 230-4 that can respectively store ECC data ECC1 to ECC4.In some examples, each of the user data fields 228-1 to 228-4 can storefour kilobytes of user data; each of the spare data fields 229-1 to229-4 can store 16 bytes of spare data; and each of the error correctioncode fields 230-1 to 230-4 can store 516 bytes of ECC data. However, thedisclosure is not so limited.

Controller 104 can respectively put user data USER1 to USER4 from host120 in user data fields 228-1 to 228-4. ECC component 108 can calculateECC data ECC1 to ECC4 respectively from user data USER1 to USER4, andcontroller 104 can respectively put the ECC data ECC1 to ECC4 in userdata fields 228-1 to 228-4. For example, the ECC data ECC1 to ECC4respectively corresponds to user data USER1 to USER4.

Data structure 225 can include a correction code 231, such as aBose-Chaudhuri-Hocquenghem (BCH) code, that can be used to correct thewhole data structure 225. For example, ECC1 to ECC4 can be referred toas inner correction codes, and correction code 231 can be referred to asan outer correction code. In some examples, correction code 231 can beused when one or more of ECC1 to ECC4 fails to correct its correspondinguser data. The correction code 231 can be 80 bytes in some examples, butthe disclosure is not so limited.

When data structure 225 is non-secure and the user data USER1 to USER4is non-secure data, controller 104 can use spare data fields 229-1 to229-4 for various purposes. For example, controller 104 can programvarious patterns of spare data SPARE1 to SPARE4 respectively in sparedata fields 229-1 to 229-4. Controller 104 can send the non-secure datastructure 225 to buffer 111, and the non-secure data structure 225 inbuffer 111 can be written to a non-secure partition 116. For example,the non-secure data structure 225 can be written in a group (e.g., apage) of SLCs or MLCs in a non-secure partition 116.

When the user data USER1 to USER4 is secure data, controller 104 mightnot use the spare data fields 229-1 to 229-4. For example, controller104 may write the spare data SPARE1 to SPARE4 as patterns of all ones orall zeros in the spare data fields 229-1 to 229-4. Controller 104 canthen send the secure data structure to data buffer 111.

In some examples, the secure user data USER1 to USER4 can also be sentto ECC component 110, and ECC component 110 can calculate ECC data fromuser data USER1 to USER4. The ECC data calculated from user data USER1to USER4 by ECC component 110 can be respectively stored in the sparedata fields 229-1 to 229-4 while data structure 225 is in buffer 111.For example, the spare data SPARE1 to SPARE4 can be respectively the ECCcalculated from user data USER1 to USER4. In some examples, the patternsof all ones or zeros of the respective spare data SPARE1 to SPARE4 canbe overwritten with the respective ECC calculated from user data USER1to USER4.

FIG. 2B illustrates a data structure 225′ with secure user data and ECCdata calculated by memory device 106 in accordance with a number ofembodiments of the present disclosure. In FIG. 2B, the ECC data ECC′1 toECC′4 is respectively calculated from user data USER1 to USER4 by ECCcomponent 110 and is respectively stored in spare data fields 229-1 to229-4. For example, the patterns of all ones or zeros of the respectivespare data SPARE1 to SPARE4 can be overwritten with the respective ECCdata ECC′1 to ECC′4. The secure data structure 225′ can be in buffer 111and can be written in secure partition 117. For example, the secure datastructure 225′ in FIG. 2B can be programmed only in a group of SLCs insecure partition 117.

ECC component 110 can be referred to as a “light ECC” component, forexample, because it may use fewer ECC bits than ECC component 108. Forexample, the ECC′ data can be referred to as light ECC data. In someexamples, ECC′ can be eight-bit ECC and can recover a BER of about 10⁻⁸to a final target BER of about 10⁻¹⁵. For example, the light ECC can besufficient due to the lower BERs associated with the SLCs that store thesecure user data in partition 117. ECC component 108 can be a heavierECC component that ECC component 110 because ECC component 108 can beused to correct user data from the MLCs in partitions 116. Note thatMLCs can have higher BERs that SLCs.

In some examples, the secure data structure 225′ depicted in FIG. 2B canbe read from secure partition 117 to buffer 111. The user data USER1 toUSER4 can be corrected by ECC component 110 respectively using the ECCdata ECC′1 to ECC′4. Cryptographic component 114 can then computerespective cryptographic codes from the respective corrected user dataUSER1 to USER4.

FIG. 3A is a detailed block diagram of an apparatus in the form of amemory system 302 that can be memory system 102 in accordance with anumber of embodiments of the present disclosure. The figures hereinfollow a numbering convention in which the first digit or digitscorrespond to the drawing figure number and the remaining digitsidentify an element or component in the drawing. Similar elements orcomponents between different figures may be identified by the use ofsimilar digits. For example, in the number 117, the digit 1 refers toFIG. 1, and the digits 17 identify the secure partition in FIG. 1.Similarly, in the number 317, the digit 3 refers to FIGS. 3A and 3B, andthe digits 17 identify a similar secure partition in FIGS. 3A and 3B.

Memory system 302 can include a memory device 306 coupled to acontroller 304 by an interface 321. For example, controller 304 can becoupled to I/O 322 by interface 321. Controller 304 can be controller104 and can include an ECC component 308 that can be ECC component 108.Controller 304 can be coupled to a host, such as host 120, by a hostinterface 323. I/O 322 can be coupled to a data path 312. Data path 312can be coupled to a buffer 311 that can be coupled to read/writecircuitry 335 and that can be buffer 111.

Read/write circuitry 335 can be coupled to a memory array 309. Portions(e.g., blocks or groups of blocks) of array 309 can correspond tonon-secure logical partitions 316-1 to 316-N and secure logicalpartitions 317 and 317′.

FIG. 3B illustrates secure partition 317 in accordance with a number ofembodiments of the present disclosure. Secure partition 317 can store anumber of data structures 325′ (e.g., 325′-1 to 325′-M). Each of thedata structures 325′-1 to 325′-M can be configured as secure datastructure 225′, for example. Data structures 325′-1 to 325′-M canrespectively be addressed by addresses (e.g., page addresses) Addr-1 toAddr-M.

Secure partition 317 can include a secret region 332 that can beinaccessible to the user. For example, secret region 332 can lie outsideof the address space accessible to the user. A secret key (e.g., a rootkey) 333 can be stored in secret region 332. In some examples, secretkey 333 can be stored in secret region 332 at the manufacturing facilitybefore memory system 302 is released to the user (e.g., consumer).Alternatively, secret key 333 can be generated by memory device 306, asdiscussed further herein.

A cryptographic code, such as a golden measure 334, can be stored insecret region 332. For example, golden measure 334 can be calculated forsecure partition 317 the first time the data is stored in the securepartition 317 before any operations, such as read, write, or eraseoperations, have been performed. Golden measure 334 can be leftunaltered for the lifetime of memory device 306, for example. Goldenmeasure 334 can correspond to the user data stored in data structures325′-1 to 325′-M. Golden measure 334 can be compared to a cryptographicmeasure calculated by memory device 306 from the user data stored indata structures 325′-1 to 325′-M to determine whether the user data issecure, as discussed further herein.

In some examples, secure partition 317 can be a secure sub-partition ofseveral of such sub-partitions that can make up a larger securepartition. In such examples, each sub-partition can be addressed by arespective sub-partition address. Each respective sub-partition can, forexample, have a respective number of data structures 325′ and arespective golden measure 334 corresponding to the user data in therespective number of data structures. However, the secret key 333 can befor the partition as a whole. For example, secret key 333 can be used incryptographic operations performed on the various sub-partitions

Partition 317′ can store the same data as secure partition 317.Partition 317′ can be a backup partition to partition 317 that can beswapped with partition 317 during a remediation process, as discussedfurther herein. For example, the data in partitions 317 and 317′ can bethe same when the data is first stored partitions 317 and 317′. However,the data in partition 317′ can be left unaltered (e.g., never updated)so that the data remains in its initial state. For example, nooperations, such as read, write, or erase operations, may be performedon the data after the data is stored in partition 317′. Alternatively,the data in partitions 317 and 317′ can be updated together to have thesame patterns. In some examples, partition 317′ can be a secretpartition that can be hidden from the user such that partition 317′ isinaccessible to the user.

Read/write circuitry 335 can write secure data, such as secure datastructure 225′ from buffer 311 into secure partition 317. Read/writecircuitry 335 can read the secure data from secure partition 317 intobuffer 311.

In some examples, non-secure data, such as a non-secure data structurein the format data structure 225 with non-secure user data, can be sentfrom controller 304 to buffer 311 via interface 321, I/O 322, and datapath 312 during a non-secure write operation, and read/write circuitry335 can write the non-secure data into a partition 316.

Read/write circuitry 335 can read the non-secure data structure from anon-secure logical partition 316 into buffer 311 during a non-secureread operation. The read non-secure data can be sent to controller 304and the user data can be corrected by ECC component 308.

A data selector 337 of memory device 306 can be coupled to data path312. Data selector 337 can be coupled to an ECC component 310 (e.g., alight ECC component) that can be ECC component 110. ECC component 310can be coupled to an input of a multiplexer 339. Data path 312 can bedirectly coupled (e.g., with no intervening components) to another inputof multiplexer 339 by a data bus 341.

I/O 322 can be coupled to a command interface 342 (e.g., a command userinterface). Command interface 342 can be coupled to a controller 345 ofmemory device 306. Controller 345 can be coupled to another input ofmultiplexer 339.

Controller 345 can be referred to as an internal controller because itis internal to memory device 306, as opposed to controller 304 being anexternal controller because controller 304 is external to memory device306. In some examples, controller 304 can be a memory system controllerbecause it can control memory device 306, and controller 345 can bereferred to as an embedded controller.

Controller 345 can send respective control signals to ECC component 310,data selector 337, data path 312, buffer 311, and read/write circuitry335. For example, the respective control signals can activate ECCcomponent 310, data selector 337, data path 312, buffer 311, andread/write circuitry 335. Controller 345 can send respective controlsignals to multiplexer 339. Each respective signal can cause multiplexer339 to select a respective input.

An output of multiplexer 339 can be coupled to an input of ademultiplexer 350 that can, for example, be part of a cryptographiccomponent 314 that can be cryptographic component 114. Cryptographiccomponent 314 can include a message authentication code (MAC) component,such as an HMAC component 352. Cryptographic component 314 can alsoinclude a cryptographic hash component, such as a SHA component 354,coupled to HMAC component 352. For example, SHA component 354 canimplement a SHA-256 HASH algorithm. Respective outputs of demultiplexer350 can be respectively coupled to SHA component 354 and HMAC component352.

Cryptographic component 314 can include control logic 356 coupled toHMAC component 352 and SHA component 354. Control logic 356 can becoupled to receive control signals from controller 345 that can activatecontrol logic 356. Control logic 356 can output control signals todemultiplexer 350. For example, a control signal can cause demultiplexer350 to select the output coupled to HMAC component 352, and anothercontrol signal can cause demultiplexer 350 to select the output coupledto SHA component 354. In some examples, control logic 365 can sendvarious results and/or flags to controller 345 and/or command interface342 related to the operations performed by cryptographic component 314.

Memory device 306 can include a monotonic counter 360 coupled tocontroller 345 and a physical unclonable function (PUF) component 362coupled to controller 345. Monotonic counter 360 can increment amonotonically increasing count (MTC) each time a secure command isreceived by memory device 306 from controller 304. In some examples,monotonic counter 360 can increment the MTC for each power cycle ofreset of memory device 306. The MTC can be a freshness indicator thatcan be compared to a corresponding freshness indicator embedded in thesecure command to determine the freshness of the secure command. Thiscan guard against (e.g., eliminate) the possibility of replay.

A PUF can be based on physical phenomena and/or physical characteristicsof memory device 306, such as temperature, noise, signal speed,structural characteristics, etc. PUF component 362 can generate randomnumbers, for example. In some examples, a PUF generated by PUF component362 can be used to generate a secret key, such as secret key 333, thatcan be used by HMAC component 352 for cryptographic operations.

The secret key can be a PUF, for example. In some examples, controller345 can send a PUF and an MTC to SHA component 354 via multiplexer 339and demultiplexer 350, so SHA component 354 can generate the secret keyby hashing the PUF with the MTC (e.g., secret key=HASH(PUF|MTC)).Alternatively, controller 345 can send a PUF, MTC, and data fromcontroller 304 to SHA component 354, so SHA component 354 can generatethe secret key by hashing the PUF with the MTC and the data (e.g.,secret key=HASH(PUF|MTC data)).

I/O 322 can route commands from controller 304 to command interface 342according to a specific protocol, such as an SPI protocol or an ONFIprotocol, among other protocols. Command interface 342 can receive anon-secure command and can evaluate the command to determine whether thecommand is correct. For example, command interface 342 can determinewhether the command is correct by determining whether the commandincludes the expected operation code and the expected commandparameters. In response to determining that the command is correct,command interface 342 can send a control signal to activate data path312 and I/O 322 to route data. Command interface 342 can also activatecontroller 345 for executing the command.

In the case, of a non-secure write command, activating data path 312 andI/O 322 routes data, corresponding to the non-secure write command, fromcontroller 304 to buffer 311 via I/O 322 and data path 312. In the case,of a non-secure read command, activating data path 312 and I/O 322routes data, corresponding to the non-secure read command, from buffer311 to controller 304 via data path 312 and I/O 322.

FIG. 4 illustrates a secure command 470 in accordance with a number ofembodiments of the present disclosure. Command 470 can include anoperation code (Opcode) field 471 that can store an Opcode (e.g.,hexadecimal code 0x9B). Command 470 can include a command type (CmdType)field 472 that can store a Sub-opcode as a command type. Command 470 caninclude a command arguments field 473 that can include a freshness field474 that can store a freshness of the command, such as an MTC or a NONCE(e.g., an arbitrary number that is used only once). Command argumentsfield 473 can also include a command parameter field 475 that can storeparameters of the command and a command signature field that can store asignature of the command. A command payload 477 can include the Opcode,Sub-opcode, freshness, and the parameters, for example.

Command interface 342 can receive secure command 470 from controller304. Command interface 342 can activate controller 345 in response todetermining that the Opcode is correct. Controller 345 can thenauthenticate command 470. For example, controller 345 can determinewhether the Sub-opcode, the number of bytes in payload 477, and thefreshness are correct. If any of these is incorrect, controller 345 canabort the command and send an error message to controller 304 throughcommand interface 342 and I/O 322. Note that controller 345 candetermine the freshness by comparing the MTC in command 470 to the MTCfrom monotonic counter 360, for example. In response to the Sub-opcode,the number of bytes in payload 477, and the freshness being correct,controller can verify the signature in command 470.

In some examples, controller 345 can verify the signature by comparingthe signature to a local cryptographic signature calculated bycryptographic component 314. For example, cryptographic component 314can calculate the local signature as a MAC of payload 477 and a secretkey K, such as secret key 333. Payload 477 can be sent from controller345 to cryptographic component 314 via multiplexer 339 and demultiplexer350, for example.

Cryptographic component 314 can send the local signature to controller345 via a bus 378. Controller 345 can execute command 470 in response tothe signature in command 470 matching the local signature or abortcommand 470 in response to the signature in the command 470 not matchingthe local signature.

In some examples, the local signature can be an HMAC calculated by HMACcomponent 352 from the payload 477 and the secret key K (e.g., asHMAC(payload, K)). For example, controller 345 can send a control signalto control logic 356, requesting an HMAC calculation. Controller 345 canalso send a control signal to multiplexer 339 that causes multiplexer339 to select the input from controller 345 for output from multiplexer339 so that multiplexer 339 can output payload 477 to demultiplexer 350.Control logic 356 can send a control signal to demultiplexer 350 thatcauses demultiplexer 350 to direct payload 477 to HMAC component 352.Controller 345 can send a control signal to control logic 356, andcontrol logic 356 can cause HMAC component 352 to calculate the localsignature in response to control logic 356 receiving the control signal.Control logic 356 can send the local signature to controller 345 overbus 378.

In some examples, the local signature can be calculated by using HMACcomponent 352 in conjunction with SHA component 354. For example, HMACcomponent 352 can combine the secret key K with inner padding (ipad),such as by XORing K and ipad (e.g., K XOR ipad). HMAC component 352 cancombine the result of the XORing with the payload to produce (K XORipad)∥payload. SHA component 354 can then calculate a cryptographic HASHof (K XOR ipad)∥payload as HASH[(K XOR ipad)∥payload]. HMAC component352 can then XOR K with an outer padding (opad) and combine the resultof that XOR with HASH[(K XOR ipad)∥ payload] to produce (K XORopad)∥HASH[(K XOR ipad)∥payload]. SHA component 354 can then calculatethe cryptographic HASH of (K XOR opad)∥HASH[(K XOR ipad)∥ payload] asHASH[(K XOR opad)∥ HASH[(K XOR ipad)∥ payload]] that can be the localsignature. Note that SHA component 354 is used twice in this example.

In some examples, cryptographic operations can be performed onnon-secure user data from controller 304 by cryptographic component 314in response to commands from controller 304. For example, cryptographiccomponent 314 can compute a MAC of the user data and a key received fromcontroller 304 (e.g., MAC(user data, key)) in response to a MAC commandfrom controller 304 or a HASH of the user data received from controller304 in response to a HASH command from controller 304. The computed MACor HASH can then be returned to controller 304.

In some examples, the command (e.g., the MAC or HASH command) can bereceived at command interface 342 from controller 304, and commandinterface 342 can activate controller 345. Controller 345 can activate,via control signals, I/O 322 and data path 312 so that a data structure,such as data structure 225, corresponding to the command can be sentfrom controller 304 to buffer 311 via I/O 322 and data path 312.

Controller 345 can activate, via control signals, buffer 311 and datapath 312 so that the user data in the data structure in buffer 311 canbe sent from buffer 311 to the input of multiplexer 339 coupled to databus 341. Controller 345 can cause multiplexer 339 to select the userdata for output to demultiplexer 350.

Controller 345 can activate control logic 356 (e.g., via a “handshake”operation between controller 354 and control logic 356). The activatedcontrol logic 356 can activate the HMAC component 352 and can causedemultiplexer 350 to direct the user data to HMAC component 352. Inexamples in which a controller 304 provides a key, the key can be sentto controller 345 with the command, and controller 345 can send the keyto control logic 356 via bus 378.

When the user data in the data structure 225 in FIG. 2A is secure, datastructure 225 can be written to data buffer 311 in response to a securewrite command being authenticated, as described previously. For example,controller 345 can activate I/O 322 and data path 312 in response toauthenticating the write command so that data structure 225 can be sentto data buffer 311 via I/O 322 and data path 312.

Controller 345 can activate, via control signals, buffer 311, data path312, data selector 337, and ECC component 310. The respective frames,Frame 1 to Frame 4, of data structure 225 can then be sent to dataselector 337 from buffer 311 so that data selector 337 can select therespective user data USER1 to USER4 and send the respective user dataUSER1 to USER4 to ECC component 310. ECC component 310 can calculate therespective ECC′1 to ECC′4 from the respective user data USER1 to USER4.

ECC component 310 can send the respective ECC′1 to ECC′4 back to buffer311 so that the respective ECC′1 to ECC′4 can be written in therespective spare fields 229-1 to 229-4. For example, the respectivespare data SPARE1 to SPARE4 (e.g., having data patterns of all ones orzeros) can be overwritten with the respective ECC′1 to ECC′4 (e.g., toproduce data structure 225′). Data structure 225′ can be written frombuffer 311 into secure partition 317 by read/write circuitry 335 inresponse to controller 345 activating read/write circuitry 335 via acontrol signal.

A secure data structure, such as a secure data structure 225′, can beread from partition 317 in response to a secure read command fromcontroller 304 being authenticated, as described previously. Controller345 can activate read/write circuitry 335 in response to authenticatingthe read command so that read/write circuitry 335 can read the datastructure into data buffer 311.

Controller 345 can activate buffer 311, data path 312, and I/O 322 sothat the data structure can be routed from buffer 311 to controller 304.In some examples, ECC component 308 can correct the user data, such asUSER1, USER2, USER3, and USER4 (FIG. 2B), with respective ECC data, suchas ECC1, ECC2, ECC3, and ECC4.

In some examples, memory device 306 can determine whether the user datain secure partition 317 is secure each time memory device 306 is poweredup or reset. For example, controller 304 can send a secure command tomemory device 306, each time memory system 302 is powered up or reset,that can cause memory device 306 to determine whether the user data inpartition 317 is secure.

Memory device 306 can determine whether the user data is secure bydetermining whether the user data has changed (e.g., since memory device306 was last powered down). This can be accomplished by calculating acryptographic measure for the user data in secure partition 317 andcomparing the cryptographic measure to golden measure 334.

In some examples, the cryptographic measure can be an HMAC of all theuser data in partition 317. The HMAC can be similar to the HMACdescribed previously in conjunction with the local signature (e.g.,HMAC(user data, K)). For example, the cryptographic measure can be thelocal signature HASH computed by HMAC component 352 in conjunction withSHA component 354 with the user data being the payload.

The secure command can be authenticated by controller 345, as describedpreviously. Controller 345 can execute the authenticated command todetermine the cryptographic measure for partition 317. Controller 345can activate read/write circuitry 335 to read the data structures 325′-1to 325′-M one by one from partition 317 into buffer 311. Controller 345can activate, via control signals, buffer 311, data path 312, dataselector 337, and ECC component 310. ECC component 310 can correct therespective user data in each of the data structures 325′-1 to 325′-Mwith the respective ECC data calculated by ECC component 310. ECCcomponent 310 can send the corrected user data to cryptographiccomponent 314, and cryptographic component 314 can calculate thecryptographic measure of the corrected user data.

Controller 345 can send a control signal to multiplexer 339 that cancause multiplexer 339 select the input coupled to ECC component 310 sothat ECC component 310 can send the corrected user data to demultiplexer350. In some examples, controller 345 can activate control logic 356,via a “handshake” operation, and control logic 356 can send a signal todemultiplexer 350 that causes demultiplexer 350 to pass the correcteduser data to HMAC component 352. HMAC component 352 (e.g., inconjunction with SHA component 354) can then calculate the cryptographicmeasure from the corrected user data.

The cryptographic measure can be compared to golden measure 334. If thecryptographic measure is equal to the golden measure 334, the user datain partition is unchanged, and thus secure. However, if thecryptographic measure is not equal to the golden measure 334, the userdata in partition has been changed (e.g., due to a hacker attack), andis thus deemed not secure.

For examples in which each of the respective data structures 325′-1 to325′-M is configured as data structure 225′. The respective frames,Frame 1 to Frame 4, can be sent to data selector 337 from buffer 311 sothat data selector 337 can select the respective user data USER1 toUSER4 and the respective ECC data ECC′1 to ECC′4 and send USER1 to USER4and the respective ECC data ECC′1 to ECC′4 to ECC component 310. ECCcomponent 310 can correct the respective user data USER1 to USER4 withthe respective ECC′1 to ECC′4 and send the corrected user data USER1 toUSER4 to cryptographic component 314. This process can be repeated eachof the respective data structures 325′-1 to 325′-M.

In some examples, golden measure 334 can be calculated as describedpreviously for the cryptographic measure, but for the initial state ofthe user data (e.g., the initial user data) in partition 317 when theuser data is first stored in the secure partition 317 and no operations,such as read, write, or erase operations, have been performed onpartition 317. For example, golden measure 334 can be an HMAC. The HMACcan be similar to the HMAC described previously in conjunction with thelocal signature (e.g., HMAC(initial user data, K)). For example, goldenmeasure 334 can be the local signature HASH computed by HMAC component352 in conjunction with SHA component 354 with the initial user databeing the payload.

When the errors in the user data in a frame of a data structure cannotbe corrected by ECC component 310, internal controller 345 can causeread/write circuitry 335 to re-read the data structure, for example, soECC component 310 can correct the user data in each frame of the re-readdata structure.

In some examples, controller 304 can read the data structure in buffer311 in response to ECC component 310 not being able to correct the userdata in a frame of the data structure. For example, ECC component 308can correct the data in the respective frames of the data structure,such as USER1, USER2, USER3, and USER 4, with the corresponding ECC datacalculated by ECC component 308, such as ECC1, ECC2, ECC3, and ECC4.Controller 304 can then send the data structure with the corrected userdata (e.g., externally corrected user data) to data buffer 311.Controller 345 can then cause the data selector 337 to select theexternally corrected user data. Controller 345 can, in some examples,place ECC component 310 in a bypass mode so that data selector 337 canselect the externally corrected user data to cryptographic component 314without correction by ECC component 310. This can be done during thecalculation of the cryptographic measure, for example.

In some examples, controller 304 might be used to correct the data inpartition 317 only when any of the data in partition 317 has changed.Alternatively, a remediation procedure can be used when any of the datain partition 317 has changed. The data in partition 317 can be changedas a result of a hacker attack or a technical failure in the operationof memory device 306. The remediation procedure can also be performed inresponse to the cryptographic measure not matching golden measure 344.The remediation procedure can involve controller 345 replacing partition317 with partition 317′, for example.

In the various preceding examples involving secret key 333, secret key333 was used directly. However, in some examples, session keys can beused in place of secret key 333. For example, a new (e.g., different)session key can be used during each power cycle of memory system 302that can start at each power-up (e.g., reset) of memory system 302. Asession key can be calculated, for example, for a power cycle at the endof the preceding power cycle by cryptographic component 314. Forexample, the session key can be the MAC of secret key 333 and the MTC atthe end of the preceding power cycle (e.g., session key=MAC(MTC, secretkey)). Alternatively, session key=HMAC(MTC, secret key), for example.

Memory device 306 can have a memory-device identifier (ID). In someexamples, in response to a memory device authentication command fromcontroller 304, controller 345 can send the ID to cryptographiccomponent 314. Cryptographic component 314 can calculate a cryptographiccode (e.g., a signature ID) as a MAC of secret key 333 and the ID (e.g.,signature ID=MAC(secret key, ID). Cryptographic component 314 can returnthe signature ID to controller 345, and controller 345 can send thesignature ID to controller 304. Controller 304 can compare to signatureID to a correct signature ID for memory device 306 and can determinefrom the comparison if memory device is authentic. If the signature IDsmatch memory device 306 is authentic. Otherwise, memory device 306 isnot authentic and, for example, could be a clone.

FIG. 5 is a schematic diagram of a block 580 (e.g., a NAND block) ofnon-volatile memory cells that can be a portion of array 109 of 309(e.g., a NAND array). In some examples, block 580 can correspond to anon-secure partition 116 or 316 or a secure partition 117 or 317.

Block 580 includes groups (e.g., NAND strings 581-1 to 581-I) ofseries-coupled memory cells. Each of NAND strings 581-1 to 581-I caninclude memory cells 582-1 to 582-J coupled in series between a selecttransistor 583 and a select transistor 584. NAND strings 581-1 to 5814can be respectively selectively coupled to data lines 585-1 to 5854(e.g., bit lines) by the respective select transistors 584 in responseto an activation signal being applied to a select line 586 commonlycoupled to the gates of select transistors 584. NAND strings 581-1 to581-I can be selectively coupled to a common source 587 by therespective select transistors 583 in response to an activation signalbeing applied to a select line 588 commonly coupled to the gates ofselect transistors 583.

Access lines 590-1 to 590-J (e.g., word lines) can be respectivelycommonly coupled to the control gates of memory cells 582-1 to 582-J.For example, a group of memory cells 582 at a common location in NANDstrings 581-1 to 581-N can be commonly coupled to a respective accessline 590. In some examples, a group of memory cells commonly coupled toan access line can be a page of memory cells. For example, therespective groups of I memory cells respectively commonly coupled toaccess lines 590-1 to 590-J can be respective pages of memory cells. Assuch, there can be J pages of memory cells in block 580, each having Imemory cells. However, the present disclosure is not so limited, andvarious groupings of memory cells commonly coupled to an access line cancorrespond to a page. In some examples a data structure, such as datastructure 225, 225′, or 325′, can be stored the pages.

Note that all of the memory cells 582 of block 580 can be commonlyerased during an erase process, regardless of whether block 580 is partof a secure of non-secure partition. When block 580 is part of a securepartition, block 580 can be erased in response to a secure erasecommand, received from controller 304, that can be authenticated asdescribed previously. When block 580 is part of a non-secure partition,block 580 can be erased in response to a non-secure erase received fromcontroller 304. In some examples, the memory cells 582 can be written orread a page at time.

Each of the memory cells 582 can include a charge storage structure 591,such as a floating gate or a charge trapping layer, among others, and acontrol gate 592. Changes in Vts of memory cells 358 through programmingof charge storage structures 378 can determine the data state of eachcell.

Memory cells 582 can be SLCs that can store a single bit per cell orMLCs multiple bits per cell such as, two bits per cell, three bits percell, such as three-level cells (TLCs), four bits per cell, such asquad-level cells (QLCs), and so on. Note that partitions 117 and 317 caninclude blocks of SLCs only, whereas partitions 116 or 316 can includeblocks of SLCs and/or MLCs.

In some examples, block 580 can be a portion of a stacked memory arraythat can be referred to as a three-dimensional (3D) memory array, suchas a three-dimensional NAND memory array. In a stacked memory array,NAND strings 581 can be adjacent to semiconductor structures (e.g.,vertical semiconductor pillars), and the memory cells 582 in NANDstrings 581 can be at different levels (e.g., vertical levels). Thememory cells 582 commonly coupled to an access line 590, such as a pageof memory cells, can be at a common level, for example, and may form alevel of memory cells, sometimes referred to as a tier of memory cells.

In the preceding detailed description of the present disclosure,reference is made to the accompanying drawings that form a part hereof,and in which is shown by way of illustration how a number of embodimentsof the disclosure may be practiced. These embodiments are described insufficient detail to enable those of ordinary skill in the art topractice the embodiments of this disclosure, and it is to be understoodthat other embodiments may be utilized and that process, electrical,and/or structural changes may be made without departing from the scopeof the present disclosure.

As used herein, “a number of” or a “quantity of” something can refer toone or more of such things. For example, a number of or a quantity ofmemory cells can refer to one or more memory cells. A “plurality” ofsomething intends two or more. As used herein, the term “coupled” mayinclude electrically coupled, directly coupled, and/or directlyconnected with no intervening elements (e.g., by direct physicalcontact), indirectly coupled and/or connected with intervening elements,or wirelessly coupled. The term coupled may further include two or moreelements that co-operate or interact with each other (e.g., as in acause and effect relationship).

Although specific embodiments have been illustrated and describedherein, those of ordinary skill in the art will appreciate that anarrangement calculated to achieve the same results can be substitutedfor the specific embodiments shown. This disclosure is intended to coveradaptations or variations of a number of embodiments of the presentdisclosure. It is to be understood that the above description has beenmade in an illustrative fashion, and not a restrictive one. Combinationof the above embodiments, and other embodiments not specificallydescribed herein will be apparent to those of skill in the art uponreviewing the above description. The scope of a number of embodiments ofthe present disclosure includes other applications in which the abovestructures and methods are used. Therefore, the scope of a number ofembodiments of the present disclosure should be determined withreference to the appended claims, along with the full range ofequivalents to which such claims are entitled.

In the foregoing Detailed Description, some features are groupedtogether in a single embodiment for the purpose of streamlining thedisclosure. This method of disclosure is not to be interpreted asreflecting an intention that the disclosed embodiments of the presentdisclosure have to use more features than are expressly recited in eachclaim. Rather, as the following claims reflect, inventive subject matterlies in less than all features of a single disclosed embodiment. Thus,the following claims are hereby incorporated into the DetailedDescription, with each claim standing on its own as a separateembodiment.

What is claimed is:
 1. An apparatus, comprising: a controller comprisinga first error correction code component; and a memory device coupled tothe controller, the memory device comprising: an array of memory cells;a second error correction code component coupled to the array andconfigured to correct data from the array; and a cryptographic componentcoupled to receive the corrected data from the second error correctioncode component.
 2. The apparatus of claim 1, wherein the first errorcorrection code component is configured to correct the data from thearray using a first error correction code; and the second errorcorrection code component is configured to correct the data from thearray using a second error correction code.
 3. The apparatus of claim 2,wherein the first error correction code component is configured tocalculate the first error correction code; and the second errorcorrection code component is configured to calculate the second errorcorrection code.
 4. The apparatus of claim 1, wherein the cryptographiccomponent is configured to calculate a first cryptographic code from thereceived data; and the memory device is configured to compare the firstcryptographic code to a second cryptographic code stored in the array.5. The apparatus of claim 4, wherein the first and second cryptographiccodes are based on a secret key stored in the array.
 6. The apparatus ofclaim 4, wherein the first and second cryptographic codes are first andsecond cryptographic hashes.
 7. The apparatus of claim 1, wherein thecontroller is an external controller external to the memory device andis coupled to the memory device via a memory interface and to a host viaa host interface; and the memory device comprises an internalcontroller.
 8. The apparatus of claim 7, wherein the memory devicecomprises a monotonic counter coupled to the internal controller.
 9. Theapparatus of claim 8, wherein the internal controller is configured tocompare a monotonic count from the monotonic counter to a monotoniccount in a command received from the first controller to determine afreshness of the command.
 10. The apparatus of claim 7, wherein thememory device comprises a physical unclonable function component coupledto the internal controller.
 11. The apparatus of claim 1, wherein thecryptographic component comprises a SHA component coupled to a hashmessage authentication code component.
 12. The apparatus of claim 11,wherein the cryptographic component further comprises control logiccoupled to the SHA component and to the hash message authentication codecomponent.
 13. The apparatus of claim 1, wherein the memory device is aNAND memory device.
 14. The apparatus of claim 1, wherein cryptographiccomponent is configured to receive data from the controller withoutcorrecting the data with the second error correction code component; andcalculate a cryptographic code from the data.
 15. A memory device,comprising: an array of memory cells comprising a portion correspondingto a secure partition; a buffer coupled to the array and configured toreceive a data structure, from the secure partition, comprisingplurality of respective segments of data, wherein each of the respectivesegments comprises respective user data and respective first errorcorrection code data calculated externally to the memory device; anerror correction code component coupled to the buffer and configured toreceive the respective user data from the data structure in the buffer,to calculate respective second error correction code data from therespective user data, and to add the respective second error correctioncode data to the respective segments of the data structure; a controllerconfigured to write the data structure from the buffer to the securepartition after the respective second error correction code data isadded to the respective segments of the data structure; and acryptographic component coupled to the second error correction codecomponent; wherein the error correction code component is configured tocorrect the respective user data using the respective second errorcorrection code data and to send the corrected respective user data tothe cryptographic component.
 16. The memory device of claim 15, whereinthe controller is a first controller, the memory device furthercomprising a command user interface coupled to the first controller,wherein the command user interface is configured to activate the firstcontroller in response to receiving a command from a second controllerthat is external to the memory device.
 17. The memory device of claim16, wherein the first controller is configured to authenticate thecommand, in response to being activated, by determining a freshness ofthe command; causing the cryptographic component to calculate asignature in response to determining that the command is fresh; andcomparing the calculated signature to a signature in the command. 18.The memory device of claim 17 wherein the calculated signature is a hashmessage authentication code based on a key and a payload of the commandreceived at the cryptographic component from the first controller. 19.The memory device of claim 18, wherein the key is a secret key stored inthe array.
 20. The memory device of claim 18, wherein the key is asession key that is a message authentication code of a secret key storedin the array and a monotonic count of a monotonic counter of the memorydevice.
 21. A method, comprising: reading data from a memory array of amemory device, the data comprising user data, first error correctiondata calculated by an external controller from the user data, and seconderror correction data calculated by an error correction code componentof the memory device from the user data; correcting, by the errorcorrection code component, the user data with the second errorcorrection data; sending the corrected user data from the errorcorrection code component to a cryptographic component of the memorydevice; and performing, by the cryptographic component, cryptographicoperations on the corrected user data.
 22. The method of claim 21,further comprising, before correcting the user data with the seconderror correction data: sending the data from memory array to a dataselector of the memory device; selecting, by the data selector, the userdata and the second error correction data from the data; and sending theuser data and the second error correction data from the data selector tothe error correction code component.
 23. The method of claim 21, whereinperforming, by the cryptographic component, cryptographic operations onthe corrected user data comprises calculating a cryptographic measurefrom the corrected data by the cryptographic component, wherein themethod further comprises: comparing the calculated cryptographic measureto a golden measure stored in the memory array.
 24. The method of claim23, wherein reading the data from the memory array comprises reading thedata from a portion of the memory array corresponding to a first logicalpartition; and the method further comprises, in response to thecalculated cryptographic measure not matching the golden measure,replacing the first logical partition of data with a second logicalpartition of data.
 25. The method of claim 21, further comprising, inresponse to the error correction code component failing to correct theuser data with the second error correction data: rereading, by aninternal controller of the memory device, the data from the memoryarray; and correcting, by the error correction code component, the userdata of the reread data with the second error correction data of thereread data.
 26. The method of claim 21, further comprising, in responseto the error correction code component failing to correct the user datawith the second error correction data: reading, by the externalcontroller, the data from the array; and correcting, by the externalcontroller, the user data of the data read by the external controllerwith the first error correction data.
 27. The method of claim 26,wherein the user data corrected by the external controller is externallycorrected user data, the method further comprising: sending theexternally corrected user data to the cryptographic component withoutcorrecting, by the error correction code component of the memory device,the externally corrected user data.
 28. The method of claim 21, furthercomprising verifying a cryptographic signature of a command receivedfrom the external controller by comparing the cryptographic signature ofthe command to a cryptographic signature calculated, by thecryptographic component, from the command and a cryptographic key storedin the array.